To whoever hacked into my Database

Tim Delaney timothy.c.delaney at gmail.com
Thu Nov 7 23:45:02 CET 2013


On 8 November 2013 09:18, Νίκος Αλεξόπουλος <nikos.gr33k at gmail.com> wrote:

> I feel a bit proud because as it seems i have manages to secure it more
> tight. All i need to do was to validate user input data, so the hacker
> won't be able again to pass bogus values to specific variables that my
> script was using.
>

So we now have confirmation that Nikos' site is subject to SQL injection
attacks on anything that he is not specifically validating. And I'm
absolutely sure that he has identified every location where input needs to
be validated, and that it is impossible to get past the level of validation
that he's doing, so the site is completely secure! Just like the last time
he claimed that (and the time before, and the time before that ...).

Nikos, please please please do yourself and your customers a favour and
quit your so-called "business". All you are doing is opening your customers
up to potentially disastrous situations and yourself to lawsuits. It's not
a question of *if*, but *when* one of your customers is compromised to the
extent that they decide to take it out of you.

Also, you're an embarrassment to our profession.

Tim Delaney
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20131108/00d8da72/attachment.html>


More information about the Python-list mailing list